Ransomware Group World Leaks Hacks Dell Test Environment but Steals Fake Data

📟 News

Date: 24/07/2025

The hacker group World Leaks hacked one of Dell’s demonstration platforms and attempted to extort a ransom from the company. Dell reports that the criminals only stole “synthetic” (fake) data.

Representatives from Dell confirmed to the media that attackers managed to breach the Customer Solution Centers platform, which is used to demonstrate products and solutions to clients.

“Recently, attackers gained access to our Solution Center—a dedicated environment for demonstrating our products and testing trial versions for Dell’s commercial clients. The platform is intentionally separated from client and partner systems, as well as from Dell’s own networks, and is not used for providing services to clients,” the company explained.

It is specifically emphasized that the data used in the Solution Center is mostly synthetic (dummy), meaning it consists of publicly available datasets, non-confidential and system information, and test results intended solely for demonstrating Dell products.

“According to the results of the current investigation, the data obtained by the attackers is mostly synthetic, publicly available, or related to system or test environments,” Dell stated.

According to Bleeping Computer, members of World Leaks apparently believed they had stolen 1.3 TB of valuable information from Dell, including medical and financial data. However, according to the publication, the hackers ended up with fake data, and the only real information in the dump was an outdated contact list.

Journalists attempted to inquire with Dell representatives about the specifics of how the company was hacked, but received no response. The company cited an ongoing investigation and stated that they would not share any information until it is concluded.

Recall that according to information from cybersecurity specialists, the World Leaks group, which emerged in early 2025, is a “rebranding” of the RaaS group (Ransomware-as-a-Service) called Hunters International, which recently announced its closure.

World Leaks focuses exclusively on data theft and does not use encryptors. The group’s tactic is based on stealing data and extracting maximum profit from it—either extorting money from victim companies or selling the information to interested parties.

Currently, World Leaks has already begun publishing the data stolen from Dell on their website. Most of this information consists of configuration scripts, backups, and system data related to the deployment of various IT systems. In the dump, one can find rare passwords used within the company when setting up equipment. However, it seems that the leak does not contain any confidential corporate or client data.

Related posts:
2025.01.24 — Hundreds of websites impersonating Reddit and WeTransfer spread Lumma Stealer

Sekoia researcher crep1x discovered that hackers are currently using some 1,000 pages impersonating Reddit and WeTransfer. Victims visiting these sites are tricked into…

Full article →
2025.02.12 — 2.8 million IP addresses used to brute-force network devices

The Shadowserver Foundation warns of a massive web login brute-forcing attacks targeting nearly 2.8 million IP addresses per day. Unknown attackers are seeking…

Full article →
2025.01.25 — 18,000 script kiddies have been infected with backdoor via XWorm RAT builder

According to CloudSEK analysts, malefactors attack novice hackers using a fake malware builder. Script kiddies' systems become infected with a backdoor that steals data and subsequently…

Full article →
2025.04.12 — Hackers compromised a bureau within the U.S. Department of the Treasury and spent months in hacked systems

The Office of the Comptroller of the Currency (OCC), an independent bureau within the United States Department of the Treasury, reported a major cybersecurity incident. Unknown attackers had…

Full article →
2025.03.28 — Zero-day vulnerability in Windows results in NTLM hash leaks

Security experts reported a new zero-day vulnerability in Windows that enables remote attackers to steal NTLM credentials by tricking victims into viewing malicious files in Windows…

Full article →
2025.04.30 — Coinbase fixes 2FA bug that made customers panic

Cryptocurrency exchange Coinbase has fixed a bug in its Account Activity logs that caused customers to think their credentials were compromised. Earlier this month, BleepingComputer…

Full article →
2025.02.05 — Google patches Android zero-day vulnerability exploited by hackers

Google released the February set of patches for Android. In total, they fix 48 bugs, including a kernel zero-day vulnerability actively exploited by hackers. The zero-day's…

Full article →
2025.03.05 — Polish Space Agency disconnects its network due to hacker attack

Last weekend, the Polish Space Agency (POLSA) had to disconnect all of its systems from the Internet to localize an attack targeting its IT infrastructure. After discovering the intrusion,…

Full article →
2025.04.25 — Asus patches vulnerability in AMI's MegaRAC enabling attackers to brick servers

Asus released patches for the CVE-2024-54085 vulnerability that allows attackers to seize and disable servers. The security hole affects the American Megatrends International (AMI) MegaRAC Baseboard Management…

Full article →
2025.04.10 — April updates released by Microsoft cause issues with Windows Hello

Microsoft warns that some Windows users who have installed the April updates might be unable to login to their Windows services using Windows Hello facial recognition…

Full article →